Windows Analysis Report
C6vUL5mbuA.exe

Overview

General Information

Sample name: C6vUL5mbuA.exe
renamed because original name is a hash value
Original sample name: 237c79ce9279986b9db777dd88a64e41.exe
Analysis ID: 1579686
MD5: 237c79ce9279986b9db777dd88a64e41
SHA1: c8bdf0bea0a11a8ab412ea55b8c7be25110c4d56
SHA256: f14cb20ac80c529925ca0e09a61201a9fe6cc6cefd7d65be838f223deb6e98e1
Tags: exeuser-abuse_ch
Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application.

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Machine Learning detection for sample
PE file does not import any functions
PE file overlay found
Uses 32bit PE files

Classification

AV Detection

barindex
Source: C6vUL5mbuA.exe Virustotal: Detection: 20% Perma Link
Source: C6vUL5mbuA.exe ReversingLabs: Detection: 34%
Source: Submited Sample Integrated Neural Analysis Model: Matched 86.5% probability
Source: C6vUL5mbuA.exe Joe Sandbox ML: detected
Source: C6vUL5mbuA.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C6vUL5mbuA.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C6vUL5mbuA.exe Static PE information: No import functions for PE file found
Source: C6vUL5mbuA.exe Static PE information: Data appended to the last section found
Source: C6vUL5mbuA.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engine Classification label: mal56.winEXE@0/0@0/0
Source: C6vUL5mbuA.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C6vUL5mbuA.exe Virustotal: Detection: 20%
Source: C6vUL5mbuA.exe ReversingLabs: Detection: 34%
Source: C6vUL5mbuA.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: C6vUL5mbuA.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: C6vUL5mbuA.exe Static file information: File size 2268590 > 1048576
Source: C6vUL5mbuA.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x31c600
Source: C6vUL5mbuA.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
No contacted IP infos